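#! /bin/sh
# simple_server_firewall (Bourne shell script) -- a default-deny INPUT firewall
# with a few exceptions.
#
# Usage: simple_server_firewall <interface>
#   <interface>  the network interface that faces untrusted traffic (e.g. eth0)
#
# Must run as root.  Only the INPUT chain is touched: FORWARD and OUTPUT keep
# whatever policy they already have.  Rules are appended, not replaced, so
# running the script twice duplicates them; flush first (iptables -F INPUT)
# if that matters.
#
# Exit status: 0 on success, 1 if no interface was supplied, and non-zero if
# any iptables command fails (set -e aborts on the first failure).

set -e

if [ -z "$1" ] ; then
  echo "simple_server_firewall: interface name must be supplied" >&2
  exit 1   # the original printed the message but still returned 0
fi
iface=$1

# Block all incoming packets by default.  The policy is set BEFORE the
# exceptions so that a failure part-way through leaves the host closed
# rather than open; the brief window where everything is dropped is
# covered by TCP retransmission.
iptables --policy INPUT DROP

# == Exceptions ==

# Local traffic on the loopback interface.
iptables -A INPUT -i lo -j ACCEPT

# Anti-spoofing: a packet with a loopback source address arriving on the
# external interface is forged and must not be accepted.  (The previous
# version ACCEPTed "-s localhost" on this interface, which let any packet
# claiming to come from 127.0.0.1 bypass the default-deny policy.)
iptables -A INPUT -i "$iface" -s 127.0.0.0/8 -j DROP

# Packets belonging to connections this host already has open.  RELATED is
# deliberately not included, so helper-tracked data channels (e.g. active
# FTP) are not let through by this rule.  "-m state" is a legacy alias for
# "-m conntrack --ctstate" on current kernels.
iptables -A INPUT -i "$iface" --match state --state ESTABLISHED -j ACCEPT

# All ICMP types are accepted (needed for path-MTU discovery and ping).
# On an exposed host consider restricting to echo-request,
# destination-unreachable and time-exceeded, and rate-limiting echo-request.
iptables -A INPUT -i "$iface" -p icmp -j ACCEPT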